Re: Accepted password in auth.log

Absolutely!
To do administrative work on the router, I need to connect via SSH to the server (port forwarding on router) and tunnel to a squid proxy server there. I can then connect to the internal IP address of the router.

can think of connections being logged as coming from your router is if
someone logged into your router and then your internal machine.
Probably not the case at all but it's the simplest explanation.

I know. But I don't think that's what happened here. I do not think that this is necessarily a hacker. Just some weird situation where the router did not keep the original source IP address... but I want to be sure and so I am looking for a way to replicate the situation.
